Smashing Newsletter

Location-based services are growing in popularity every day, and beacon-based services are tipped to be the advertising goldmine of 2016. You may already be using location data and beacons to enhance your users’ experience with your websites, apps and wearables. However, the use of location data is not without limits.
Developers must become aware of international privacy laws, as well as industry codes of self-regulation, that govern its usage. Following laws and codes, while also adhering to best practice principles through frameworks such as privacy by design (PbD), will ensure public trust in your app as well as in your services as a developer.

Location-based services are growing in popularity every day, and beacon-based services are tipped to be the advertising goldmine of 2016. You may already be using location data and beacons to enhance your users’ experience with your websites, apps and wearables. However, the use of location data is not without limits.

Developers must become aware of international privacy laws, as well as industry codes of self-regulation, that govern its usage. Following laws and codes, while also adhering to best practice principles through frameworks such as privacy by design (PbD), will ensure public trust in your app as well as in your services as a developer.

Further Reading on SmashingMag:

If you are creating a website, app or wearable that uses location data, building in responsible development and regulatory compliance from the very beginning is easy. This article will teach you how to build a healthy workflow for developing with location data by using best practice frameworks, providing users with privacy-friendly options, coding to development guidelines and working with an insightful regard for the law. By following this advice, you can create a responsible and legally compliant development process.

What Is Location Data And Why Is It So Controversial?

A location-based service (LBS) is defined as a service where

the user is able to determine their location,

the information provided is spatially related to the user’s location,

the user is offered dynamic or two-way interaction with the location information or content.

These apps can tell you where your friends are checked in, help you locate your favorite coffee chain or even help you find the nearest wheelchair-accessible restroom. For example, Euan’s Guide, a travel resource for people with disabilities, allows users to note their current location. By providing information on wheelchair- and disability-friendly facilities in a user’s immediate area, the website has opened up a world of opportunities to people who were previously reluctant to travel far from home.

Euan’s Guide, a travel resource for people with disabilities, allows users to note their current location.

When an LBS is mixed with other data sources — a pharmacy’s loyalty card records, for example — this is known as beacon-based marketing. These services can do things like offer you a discount on your favorite shampoo when you walk past a branch of the pharmacy.

While location-based services are a developer’s dream, they clearly have the potential to become a privacy nightmare. The law firm Taylor Wessig uses the example of Google Glasses combining location data with facial-recognition technology to “turn the public into paparazzi.” What’s worse, in countries with no overarching privacy legislation, little prevents users’ location data from being transferred to data brokers without their consent.

Developers cannot solve these complex and troubling issues on their own. However, there are many steps you can take to help users make better decisions about how to use your app, what data they can allow your app to collect and how they want their data to be used.

Best Practices In Location-Based Data Projects

Frameworks

The process of ensuring good location-data privacy starts before you begin to code. The best way to do this is through a workflow known as privacy by design (PbD). PbD is an approach to web development that takes privacy into account from the very beginning across all aspects of a project, rather than bolting it on at the end in “Settings.” The principles pertaining to location data within the framework (PDF, 1 MB) are an excellent starting point. What’s more, the EU’s data-protection reform, which should come into effect in 2018, will include PbD requirements as part of the law — so, there’s no time like the present to begin integrating PbD in your workflow.

Another great resource is the Application Data Privacy project which offers best practice guides arranged by OS, platform, app store, operator, and IoT and home devices. We were also very impressed by the Australian government’s guide on mobile privacy for app developers.

Whichever framework you choose, using one of them will give you a consistent work plan and set of checklists to follow throughout your location data projects.

Contracts and Privacy Policies

The misuse of location data, whether intentional or not, can have serious legal consequences for both you and your client. To protect yourself, the use, processing and retention of location data should be addressed in your project contracts. You and your client should clarify how location data will be used, where it will be stored and what third parties will be granted access to it (more on that later). A robust contract would go further to confirm that no uses of location data will violate the laws of the user’s country. This may require your client to appoint a lawyer in countries where your app is targeted in order to clarify that your work will meet local, national and international data-protection and -privacy laws.

Your LBS and beacon-based marketing projects should include a privacy policy in the app, on the client’s website and on your own website as well. That privacy policy should detail what is done with location data, how that data is shared between the content provider, the mobile provider and any third parties such as ad networks, and how the user can revoke their consent to the use of their data. The privacy policy should be written in clear, plain language and include contact information for where users can raise any concerns they have. A sample privacy policy, along with many other useful resources, is available on the website of the Mobile Manufacturing Association.

Third-Party Services

If your app will be using third-party services such as advertising or social media integration, clarify what use those third parties make of location data and whether your users’ location data will be combined with any other personal data by the third parties. If your website, app or wearable uses social log-in or sharing buttons, location data will very likely be passed to these social networks, and you may wish to remove these services from the areas of your project that use LBS.

Recently several hundred iOS apps were pulled from the App Store after security researchers found that the apps were surreptitiously uploading users’ private data to a mobile ad provider in China. Critically, the developers of the affected apps were unaware of the violation and had no access to the siphoned data. All they had done was use the ad network in question to place ads in the apps. The information that the ad network was collecting could easily be paired with any location data used within the apps or even on the mobile devices themselves.

The Chinese experience shows that it is important to carefully examine what data your apps are passing to third parties, including location data, even if your client does not use any of that data themselves.

Privacy-Friendly Options In Location Data

Once you have decided on a project framework and protected yourself contractually, there are many options you can use to make your location-based app more privacy-sensitive by design. Location data specialists Richard Ferraro and Murat Aktihanoglu (PDF, 1.17 MB) suggest five options.

User Profiles

Allow an app’s users to control what permissions are requested, what data is collected and what data is shared. For example, while I use a step-counter app on my phone, I have deactivated location data in the app, so that the app only measures how much I walk, not where.

Another example of providing options for location data in user settings. (View large version)

Here is another example of providing options for location data in user settings: The app on the left allows me to turn location services on or off in the settings. The app on the right requires location data to be turned on by default. The latter app still demonstrates good privacy practice by informing me of its location-data requirements before I install the app, and it gives me the option to cancel the installation if I do not agree with it.

Opt-In Screens

These are the familiar pop-up screens stating that the app “wants to use your current location.” These screens should be used in conjunction with app settings or user profiles.

A simple opt-in screen

Fuzzy Locations

This transmits an approximate location, such as a city, rather than a specific point in that city. This can be useful in situations where personal safety may be a consideration. One fascinating example of this is an app for sex workers in Manchester, England, which the workers use to alert each other to dangerous and violent customers.

Terms of Service

Limit the time that a user’s location history is stored, and give them the option to delete any or all location records at any time.

Geofencing

You can block certain areas from being readable by an app’s location data, or give the user the option to block them. For example, in a check-in app, a user’s home and school locations should always be set to private by default.

While few users know what the word “geofencing” means, making users aware of it as an option is good privacy practice. (View large version)

Guidelines For Developers

The developer guidelines for the three major app platforms demonstrate three very different approaches to privacy.

iOS

Apple’s developer guidelines for location-based apps suggest that “with a few exceptions, avoid starting location services immediately at launch time or before such services might reasonably be used. Otherwise you might raise questions in the user’s head about how your app uses location data.” Making the activation of location data conditional on other actions, rather than continuous from startup, is a simple way to give users control over their data. Additionally, Apple’s 2015 WWDC seminar on app privacy specifically cites the use of location data as a legal risk to developers and suggests using randomly generated UUIDs as a safeguard.

Android

As Evgeny Morozov explains in his book To Save Everything, Click Here:

“Google relies on GPS-enabled Android phones to generate live information about traffic conditions: once you start using its map and disclose your location, Google knows where you are and how fast you are moving.”

Google’s developer guidelines for Android require location-data permissions in apps. There are two options: coarse location, which uses mobile data beacons to identify a location within an area approximately the size of a city block, and fine location, which uses GPS to identify a location as precisely as possible.

Location data should only be used when it is anonymized (i.e. it cannot be associated with any particular individual).

If it is not anonymized, the user must give their consent for their location data to be used and accessed. Additionally, the user must be able to withdraw their consent at any time. In practice, an app store’s terms and conditions often decree that downloading an app equates to consent to its use of location data, although privacy-friendly apps take that a step further by adding the option to disable location data within the app’s settings.

The service provider should inform the user what location data will be collected and processed, what it will be processed for and whether it will be transmitted to any third parties, including social media websites. Any transmission of data to a third party must also be anonymized.

Users should be able to temporarily stop the use of location data, even if they have previously given consent.

Location data should only be used for a specific reason, and only for the duration necessary for the purpose.

All processing and retention of location-based data is, of course, further governed by the EU Data Protection Directive of 1995. This law is currently undergoing a major overhaul, and the revision is expected to come into effect in 2018, with tighter restrictions on data usage, as well as PbD requirements in all projects.

United States

The two major laws governing the use of location data in the US are the Electronic Communications Privacy Act of 1986 and the Communications Act of 1934 (you read that right: 1934). It is difficult to fathom what relevance these radio-era laws have to today’s problems of unauthorized use of location data in apps, and it may explain the lack of consideration for the appropriate use of location data in many popular platforms.

Industry self-regulation is a partial attempt to bridge the gap left by the lack of legislation. The Federal Trade Commission’s Behavioral Advertising Principles (PDF, 411 KB) suggest that app developers should seek to obtain consent before using location data. This is, of course, a best practice and not a law.

While some form of regulation on location data is clearly coming soon in the US legal system, developers should not wait for legislation to implement best practices. Indeed, a lack of legislation should never be taken to mean a lack of concern. A 2013 study of American Internet users carried out by the Pew Research Centre found that over half of all respondents feel that having control over their location data is important. Responsible web development practice should meet those needs regardless of the lack of legal compulsion.

Public concern over control of location settings is indicated in the bars for “Place you are located when you use the internet.” Unlike in Europe, Americans have no national privacy law to meet these concerns, making privacy-sensitive development even more important for US audiences.

Developing With Confidence

To summarize, you can achieve successful location-based projects by doing the following:

Adopt a best-practice framework in your workflow, such as the privacy-by-design principles.